Yes, responding to my own post, I know (actually, I left incidents on the post below by mistake...) As several people have pointed out, the person who made the 1.17M claim later revised it to "only" about 200K or so. And that's just him. I have no real difficulty believing that we've in the 100's of thousands neighborhood at this point. This is the most "successful" worm I've ever seen. Parts of the code are damn clever as well (take a real close look at how it "hacks" the web pages.) The worm would also be dead simply to modify, as well. All that you would need for simple mods is a hex editor. I'm pretty sure we'll see copycats in the next few days. Things could get pretty bad in the short term. Ryan On Thu, 19 Jul 2001, Ryan Russell wrote: > I'm a bit stunned at the moment by a note to Bugtraq from a guy at LBL who > claims that 1.17 Million different IP addresses have tried his address > space, meaning that at least that many different IIS boxes have been > nailed. I'm rather amazed. > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jul 19 2001 - 23:39:05 PDT